FILE PHOTO: Anthropic logo, a keyboard and a robotic hand in this illustration created on June 5, 2026. REUTERS/Dado Ruvic/Illustration/File Photo

Exclusive-US cyber agency is using Anthropic's Mythos to audit government code, sources say

· CNA · Join

Read a summary of this article on FAST.
Get bite-sized news via a new
cards interface. Give it a try.
Click here to return to FAST Tap here to return to FAST
FAST

WASHINGTON, July 6 : The U.S. cyber defense agency CISA is using Anthropic's AI model Mythos to audit government software, three people familiar with the matter said on Monday, another sign of government enthusiasm for adopting the AI startup's tools even as the company navigates an ongoing standoff with the White House.

The Cybersecurity and Infrastructure Security Agency is using Mythos to scan government code repositories for bugs that could leave the door open for foreign spies and cybercriminals, the sources said.  

Anthropic did not respond to questions about the initiative. A CISA representative said last month that he would check to see if there was anything to share about the matter but did not respond to further emails.

The scanning is being done by CISA's Attack Surface Evaluation team, according to one of the sources. The team is a group within CISA that conducts digital security assessments and hacking exercises across government.

CNA Games

Guess Word
Crack the word, one row at a time

Buzzword
Create words using the given letters

Mini Sudoku
Tiny puzzle, mighty brain teaser

Mini Crossword
Small grid, big challenge

Word Search
Spot as many words as you can
Show More
Show Less

Two of the sources said the audits had already uncovered a large number of vulnerabilities but did not elaborate. Reuters could not establish exactly how much government code the team had gone through or the nature or severity of the bugs it discovered.

ANTHROPIC'S ROCKY U.S. GOVERNMENT TIES

Anthropic, which has confidentially filed for a U.S. initial ​public offering, has had a tumultuous relationship with the U.S. government. Relations reached a nadir in February after the San Francisco-based company refused ​to remove safeguards ⁠that prevented its AI from being used for autonomous weapons or domestic surveillance. That prompted the Pentagon to slap it with a formal supply-chain risk designation, a label heretofore applied to foreign companies suspected of facilitating espionage.

The extraordinary blacklisting was blocked by a judge in March, and the conflict has eased following the private release of Anthropic's Mythos, an AI model described as extremely capable at finding and exploiting cybersecurity vulnerabilities.

The National Security Agency, the U.S. government's powerful eavesdropping agency, has been using Mythos as far back as April despite the blacklist, Axios has reported. Late last month, the New York Times said that NSA analysts had been testing Mythos in classified settings and coming away impressed with its capabilities. But when Anthropic ⁠rolled ​out a public version of Mythos called Fable, ​which included what it described as cybersecurity safeguards, the White House suddenly demanded that it ban foreigners from running it. This triggered a global shutdown of the model that was lifted only last week.  

The NSA and the White House did not immediately respond to requests for comment.

Source: Reuters

Newsletter

Week in Review

Subscribe to our Chief Editor’s Week in Review

Our chief editor shares analysis and picks of the week's biggest news every Saturday.

Sign up for our newsletters

Get our pick of top stories and thought-provoking articles in your inbox

Subscribe here

Get the CNA app

Stay updated with notifications for breaking news and our best stories

Download here

Get WhatsApp alerts

Join our channel for the top reads for the day on your preferred chat app

Join here